10305688

Method, Apparatus, and System for Cloud-Based Encryption Machine Key Injection

Published May 28, 2019
Assignee not available in USPTO data we have

Patent Claims
33 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A cloud-based key injection system, comprising: at least one key injection sub-system including a key generation device and a quantum key distribution device connected with the key generation device; and a cloud-based encryption machine hosting sub-system including an encryption machine and a quantum key distribution device connected with the encryption machine, wherein: the encryption machine includes a virtual encryption device, the key injection sub-system and the encryption machine hosting sub-system are connected with each other through their respective quantum key distribution devices, the key generation device is configured to generate a root key component and to send the root key component via the quantum key distribution devices to the encryption machine, and the encryption machine is configured to receive root key components from one or more key generation devices and to generate a root key of the virtual encryption device in accordance with the received root key components.

2. The cloud-based key injection system of claim 1, wherein: the quantum key distribution devices are configured to negotiate a shared key pair between the key generation device and the encryption machine, and the quantum key distribution device of the at least one key injection sub-system is configured to use a negotiated shared key to perform encryption transmission of the root key component to the encryption machine.

3. The cloud-based key injection system of claim 1, wherein the at least one key injection sub-system includes one key injection sub-system; and the key generation device of the key injection sub-system is configured to generate a number of root key components for the virtual encryption device and to send the root key components via the quantum key distribution devices to the encryption machine.

4. The cloud-based key injection system of claim 1, wherein: the encryption machine is further configured to generate one root key component for the virtual encryption device and to generate the root key of the virtual encryption device in accordance with the received root key components from the at least one key injection sub-system and from the encryption machine.

5. The cloud-based key injection system of claim 4, wherein: the at least one key injection sub-system comprises a cloud-based management sub-system and a user sub-system located at a client terminal; the management sub-system comprises a quantum key distribution device and a management device including the key generation device; and the user sub-system comprises a quantum key distribution device and a terminal device including the key generation device.

6. The cloud-based key injection system of claim 5, wherein the terminal device of the user sub-system is further configured to generate a user master key and to transmit the user master key to the encryption machine.

7. The cloud-based key injection system of claim 6, wherein the terminal device of the user sub-system is further configured to generate a user work key and to transmit the user work key to the encryption machine.

8. The cloud-based key injection system of claim 1, wherein the quantum key distribution device comprises a quantum encryption machine having a data encryption and decryption function.

9. The cloud-based key injection system of claim 1, wherein the encryption machine is configured to generate a root key of the virtual encryption device in accordance with the received root key components by using a secret reconstruction algorithm based on a threshold secret sharing mechanism.

10. A key injection method for an encryption machine comprising: receiving, by the encryption machine, root key components from at least one key injection sub-system; and generating, by the encryption machine, a root key in accordance with the received root key components from the at least one key injection sub-system, wherein: the encryption machine is connected to a quantum key distribution device; each of the at least one key injection sub-system includes a quantum key distribution device; and receiving, by the encryption machine, the root key components from the at least one key injection sub-system comprises receiving, by the encryption machine, via the quantum key distribution devices, the root key components from the at least one key injection sub-system.

11. The key injection method of claim 10, wherein: the encryption machine includes a virtual encryption device; and the root key is for the virtual encryption device.

12. The key injection method of claim 10, wherein each root key component is generated by a key generation device of the at least one key injection sub-system.

13. The key injection method of claim 10, further comprising generating a root key component by the encryption machine, wherein generating, by the encryption machine, the root key in accordance with the received root key components from the at least one key injection sub-systems comprises: generating, by the encryption machine, the root key in accordance with the received root key components from the at least one key injection sub-system and the root key component generated by the encryption machine.

14. The key injection method of claim 10, further comprising negotiating, by the encryption machine with each of the at least one key injection sub-system a shared key pair, and wherein the root key components from the at least one key injection sub-system are encrypted with a key in the shared key pair.

15. The key injection method of claim 10, wherein: the at least one key injection sub-system comprises a cloud-based management sub-system and a user sub-system located at a client terminal, the cloud-based management sub-system including a key generation device, and the user sub-system including a key generation device.

16. The key injection method of claim 15, further comprising: receiving a user master key generated by the user sub-system from the user sub-system.

17. The key injection method of claim 15, further comprising: receiving a user work key generated by the user sub-system from the user sub-system.

18. The key injection method of claim 10, further comprising verifying identities of the at least one key injection sub-system.

19. The key injection method of claim 10, wherein generating, by the encryption machine, the root key in accordance with the received root key components from the at least one key injection sub-system comprises: generating, by the encryption machine, a root key in accordance with the received root key components from the at least one key injection sub-system by using a secret reconstruction algorithm based on a threshold secret sharing mechanism.

20. A key injection apparatus for an encryption machine, comprising: a memory storing a set of instructions; and a processor configured to execute the set of instructions to cause the key injection apparatus for the encryption machine to perform: negotiating a shared key pair with at least one key injection sub-system; receiving root key components from the at least one key injection sub-system; generating a root key component for a virtual encryption device on the encryption machine; and generating a root key in accordance with the root key component for the virtual encryption device and the root key components received from the at least one key injection sub-system, wherein: the encryption machine is connected to a quantum key distribution device: each of the at least one key injection sub-system includes a quantum key distribution device; and receiving the root key components from the at least one key injection sub-system comprises receiving, via the quantum key distribution devices, the root key components from the at least one key injection sub-system.

21. The key injection apparatus of claim 20, wherein: the root key components received from the at least one key injection sub-system are encrypted with a key in the shared key pair.

22. The key injection apparatus of claim 20, wherein: the at least one key injection sub-system includes a cloud-based management sub-system including a key generation device and a user sub-system including a key generation device located at a client terminal.

23. The key injection apparatus of claim 20, further comprising generating the root key by using a secret reconstruction algorithm based on a threshold secret sharing mechanism.

24. A non-transitory computer readable medium that stores a set of instructions that is executable by at least one processor of an encryption machine to cause the encryption machine to perform a key injection method comprising: receiving root key components from at least one key injection sub-system; and generating a root key in accordance with the received root key components from the at least one key injection sub-system, wherein: the encryption machine is connected to a quantum key distribution device; each of the at least one key injection sub-system includes a quantum key distribution device; and receiving root key components, from the at least one key injection sub-system comprises receiving, via the quantum key distribution devices, the root key components from the at least one key injection sub-system.

25. The computer readable medium of claim 24, wherein: the encryption machine includes a virtual encryption device; and the root key is for the virtual encryption device.

26. The computer readable medium of claim 24, wherein each root key component is generated by a key generation device of the at least one key injection sub-system.

27. The computer readable medium of claim 24, wherein the key injection method further comprises generating a root key component by the encryption machine, wherein generating the root key in accordance with the received root key components from the at least one key injection sub-systems comprises: generating the root key in accordance with the received root key components from the at least one key injection sub-system and the root key component generated by the encryption machine.

28. The computer readable medium of claim 24, wherein the key injection method further comprises: negotiating with each of the at least one key injection sub-system a shared key pair, and wherein the root key components from the at least one key injection sub-system are encrypted with a key in the shared key pair.

29. The computer readable medium of claim 24, wherein: the at least one key injection sub-system comprises a cloud-based management sub-system and a user sub-system located at a client terminal, the cloud-based management sub-system including a key generation device, and the user sub-system including a key generation device.

30. The computer readable medium of claim 29, wherein the key injection method further comprises: receiving a user master key generated by the user sub-system from the user sub-system.

31. The computer readable medium of claim 29, wherein the key injection method further comprises: receiving a user work key generated by the user sub-system from the user sub-system.

32. The computer readable medium of claim 24, wherein the key injection method further comprises: verifying identities of the at least one key injection sub-system.

33. The computer readable medium of claim 24, wherein generating the root key in accordance with the received root key components from the at least one key injection sub-system comprises: generating the root key in accordance with the received root key components from the at least one key injection sub-system by using a secret reconstruction algorithm based on a threshold secret sharing mechanism.

Patent Metadata

Filing Date

Unknown

Publication Date

May 28, 2019

Inventors

Yingfang FU
Shuanlin LIU

Citation & reuse

Cite as: Patentable. “METHOD, APPARATUS, AND SYSTEM FOR CLOUD-BASED ENCRYPTION MACHINE KEY INJECTION” (10305688). https://patentable.app/patents/10305688
